Slack
Slack is a desktop security toolkit (written in Go with Wails UI) that integrates web scanning, directory enumeration, company intelligence, and space search capabilities. It bundles 8,500+ fingerprints, 3,400+ POCs, and integrates Nuclei v3 for vulnerability scanning.
Key facts
Objective fields from the source. Values we can't verify are shown as “Unknown” rather than guessed.
| Field | Value |
|---|---|
| Repository | qiwentaidi/Slack |
| Owner | qiwentaidi |
| Primary language | Go |
| License | MIT — OSI-approved |
| Stars | 1.1k |
| Forks | 142 |
| Open issues | 5 |
| Latest release | v2.2.9 (2026-03-20) |
| Last updated | 2026-04-29 |
| Source | https://github.com/qiwentaidi/Slack |
What Slack is
Go-based desktop application using Wails v2.11.0 framework. Includes Nuclei v3 integration for POC execution, supports directory scanning (dirsearch/supersearchplus compatible), database sampling with regex pattern matching (ID/phone/API credentials), and encryption/decryption via embedded CyberChef. Interfaces with FOFA, Hunter, and Quake threat intelligence platforms.
Get the Slack source
Clone the repository and explore it locally.
git clone https://github.com/qiwentaidi/Slack.gitcd Slack# follow the project's README for install & configurationNeed it deployed, integrated, or customized instead? DEV.co ships production installs.
Best use cases
Implementation considerations
- V2 version is no longer maintained (V3 Hephaestus-Desktop and web version available separately); verify migration path and feature parity before adoption.
- Requires local Wails environment setup and Go toolchain for builds; pre-compiled binaries available but validate against your distribution/security requirements.
- Threat intel integrations (FOFA, Hunter, Quake) require API credentials; cost and rate-limiting of these external services not detailed.
- POC library (3,400+) and fingerprints (8,500+) embedded; no mention of automated update cadence or versioning strategy post-release.
- Desktop-only deployment model; no headless/CLI-only option mentioned for integration into automated CI/CD scanning pipelines.
When to avoid it — and what to weigh
- Unauthorized or gray-area target scanning — Project explicitly disclaims non-authorized use. Legal liability and tool functionality assume lawful authorization; use outside authorized scope violates stated terms.
- Production vulnerability management at scale — Single-user desktop tool; no centralized reporting, team collaboration, or multi-tenant support. Not designed for enterprise SaaS or large fleet deployments.
- Active exploitation required — All POCs are stated as theoretical detection only—no actual exploit execution. If true exploitation and payload delivery are needed, alternative tools are required.
- Cross-platform distribution or SaaS offering — V2 is archived per README; V3 and web versions exist separately. Desktop app is Windows/Mac/Linux compatible but requires desktop deployment and local operation.
License & commercial use
MIT License (OSI-approved, permissive). No copyleft restrictions; derivative works allowed. Includes typical MIT disclaimers (no warranty, liability).
MIT permits commercial use without explicit permission. However, project includes strong legal disclaimer: tool is authorized only for lawful security testing with proper authorization. Any commercial offering or service using Slack must ensure compliance with local laws and customer authorization requirements. Recommend legal review before reselling or integrating into commercial services.
DEV.co evaluation signals
Editorial assessment — not user reviews. Directional, with an explicit confidence level.
| Signal | Assessment |
|---|---|
| Maintenance | Stale |
| Documentation | Adequate |
| License clarity | Clear |
| Deployment complexity | Low |
| DEV.co fit | Possible |
| Assessment confidence | High |
Project is an assessment tool, not a vulnerable target. Key points: (1) POCs stated as detection-only, no actual exploitation code; (2) tool interacts with external APIs (FOFA, Hunter, Quake)—credential storage and transmission practice unknown; (3) database sampling includes sensitive data pattern matching (IDs, credentials)—ensure data handling aligns with privacy regulations; (4) desktop app runs with user privileges; (5) no security audit or CVE history evident in provided data. Validate credential handling and data exfiltration controls before use with sensitive targets.
Alternatives to consider
Burp Suite Community / Pro + Nuclei CLI
Industry-standard web scanner with robust community and commercial support; Nuclei CLI for POC-driven scanning; better documentation and team collaboration.
Hephaestus (V3 / web version)
Direct successor to Slack V2; maintained and feature-parity expected; same author, no migration friction.
OWASP ZAP + Metasploit Framework
Open-source, widely supported ecosystem; active exploitation capability; broader integration and team collaboration; larger community.
Build on Slack with DEV.co software developers
Slack V2 is archived; consider migration to V3 (Hephaestus). Need a custom assessment toolkit, team collaboration, or automated scanning pipeline? Devco can help you architect, extend, or build a supported security platform.
Talk to DEV.coRelated open-source tools
Surfaced by semantic similarity across the DEV.co open-source index.
Related on DEV.co
Explore the category and the services that help you build with it.
Slack FAQ
Is V2 still being updated?
Can I use POCs to actually exploit vulnerabilities?
Does Slack run on Windows, Mac, and Linux?
What happens if I scan targets without authorization?
Software development & web development with DEV.co
Adopting Slack is usually one piece of a larger software development effort. As a software development agency, DEV.co provides software development services and web development expertise — pairing senior software developers and web developers with your team to design, build, and operate open-source security software in production.
Evaluate Slack for Your Authorized Security Program
Slack V2 is archived; consider migration to V3 (Hephaestus). Need a custom assessment toolkit, team collaboration, or automated scanning pipeline? Devco can help you architect, extend, or build a supported security platform.